Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2577714pxj;
        Sat, 19 Jun 2021 17:05:43 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyVxC9iO8FBKdsDpci1tcCY5j63PADROuGCSmNFnu6FUBgnD80GELYLMgdpWT4k+yIJxVtT
X-Received: by 2002:a17:906:4483:: with SMTP id y3mr17683149ejo.92.1624147543699;
        Sat, 19 Jun 2021 17:05:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624147543; cv=none;
        d=google.com; s=arc-20160816;
        b=0g+VvRp5tABK55V9/MnqhVpaIMR9WCwBFJVun94aXIpluPGDTzeg2y9P+/W6Vm0iG1
         /ismM4BbBndmWHca36CMHXvDYm6etxCeqI0F9wp6N4jWUSlvl+SgQ+MKPZGbraWHtqeg
         h+sECOCy0688RnhdZhhLx8hu0y0wF6j+C5bmv+yntTyZt9kjVUnqXT5Q/XdVsAfCdnco
         js6F24tvztvOnhhKTjcLMyRO+7FXUbwCJLJZBfc5qjZGtb2osVM0+QIYAFt+oM8DJf/n
         I55gu0G6UQiEJKT/PrTH4+c6AP416+PSkSlzX1GGFnjhBNktaEzL7pYY3pzv9OmwavSw
         9ifA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:subject:message-id:date:from:mime-version
         :dkim-signature;
        bh=44d1tWo9uoxKtqiMU5cRkfudx3SHPks/06nJLnMab5I=;
        b=EC9G8f/7gh00q1jnQW8aCxOeeUCZAV860gNiwva8HWDlo83o7C8rR4v4kNHdREeBW2
         AkCvmMy6VidsD+mP8G0CUlEkmmg7xMR28LJL0LcOJrv9BuoTwtcVYx0pyxEXXX9MGG9l
         44J4jXQjZjLXNQmZ9lUXlRbfQOXw8SvnqVwfM6qqlcKsTIyiWoVPF1hrDuINgxhTO9mE
         MchwKLx91OWBa/N+Ow3jO9WYCqQYrpDW7Esn8FTj8RPhPyr/QSUtOlUn7yDAh0vxoRO6
         qVmMzv6IWYcTeyowHegUmEGFYJHsxRPRUWCDH054AekxcNNQmmrcIDdTPVG9fWRie8NL
         Z0Tg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=BfREz8IH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bl4si7682770ejb.689.2021.06.19.17.05.20;
        Sat, 19 Jun 2021 17:05:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=BfREz8IH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230057AbhFSX5h (ORCPT <rfc822;lvda1993@gmail.com> + 99 others);
        Sat, 19 Jun 2021 19:57:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33366 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229584AbhFSX5g (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 19 Jun 2021 19:57:36 -0400
Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00DCFC061574
        for <linux-kernel@vger.kernel.org>; Sat, 19 Jun 2021 16:55:23 -0700 (PDT)
Received: by mail-pj1-x102b.google.com with SMTP id g6-20020a17090adac6b029015d1a9a6f1aso8674812pjx.1
        for <linux-kernel@vger.kernel.org>; Sat, 19 Jun 2021 16:55:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=44d1tWo9uoxKtqiMU5cRkfudx3SHPks/06nJLnMab5I=;
        b=BfREz8IH90dC2WDUAwrlakOxtazo/EgGp2omMj4RAUjyQm9Hm1l9N4+YzjAlmb49PJ
         ULLxckE3CNd7HufNGYH1OMZuaK4ipaoVInuFVwKq4pf9q8sHhftfnDvJu2QIxQM6oSkz
         rAAEr7Vpx+wtK6HK6Tnobe4FZqNCOcAxrvLXG2M0iGTIpOck853lE9QDRGLNn7mFYR64
         kujAPRHDtOyf+OVlUoKefvc5YmKx60E+LKPRIzIiaJkMdV+OzdvX8Q2Mw5r6o9Lo1eVg
         Q0teJPHA0CvFL+enmeMqked7EfWZWcoaB6vl36GXK1yZbDeelmYJ6wO3oAwtsLjOD+JX
         BwdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=44d1tWo9uoxKtqiMU5cRkfudx3SHPks/06nJLnMab5I=;
        b=j6xp0CX4KoUfMisUCK/yi7bFzjyioXJcNdx56VsQriRl++AKsxEUMjSwNLWrt5J3s1
         XseTCCKb9UsvG/bsUVdwXBaLfbZqVwnOt/EitFjidqW0aLgmO6o4hskfJ/9LUZnEsWcS
         853ZGD9yf6m0U1kkF0OnqKIoCKodYZqfc4TsteO9NSt57+QvUQnfTn5N8HOp+N8sCLzX
         pbc3O89Xih8vy62hTqnXI1k7UEUCH84VvXWwMEvwBopIaRDZmFovyxOADjsboPR0Wq84
         n8gs3tASptDBUIy1P56N4n3CKep6c6RpJGmKi7pd5As5PbzFdfwt8JS6SBX4vXOobLN8
         PhJA==
X-Gm-Message-State: AOAM530jP1cJzn7XFEBxUPcIOwupTzHJR3TUXkz5lfVKaUHJmzwU1R+k
        wHvMaT0sc9ZVH6Glpso1ojxCNJUZ1RZSqJc+BLOEDNz91cM=
X-Received: by 2002:a17:90a:bb97:: with SMTP id v23mr29917944pjr.146.1624146922296;
 Sat, 19 Jun 2021 16:55:22 -0700 (PDT)
MIME-Version: 1.0
From:   "David F." <df7729@gmail.com>
Date:   Sat, 19 Jun 2021 16:55:11 -0700
Message-ID: <CAGRSmLvaZ7av7ne-XKfZGrij1x9i5v1aH=t0ufL=Ad1193G0vA@mail.gmail.com>
Subject: LockDown that allows read of /dev/mem ?
To:     linux-kernel <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

I'm finding that LockDown Integrity prevents blocks things like mdadm,
Xvesa, and a couple of my specialized tools.    There should be an
option to allow /dev/mem read access.  Is there?  There are no secrets
to the boot disk booted environment it's all root.

?